In recent years, studies on an autonomous system are under progress to control an increasingly complex information system and to achieve stable operation thereof. A policy-based autonomous system has received attention as a core technology thereof. To explain briefly, in the policy-based system, a constraint that the system needs to satisfy or an executive operation (procedure) is described as a policy according to a service level objective (SLO) and the like, and then, the policy is provided to the system. The system to which the policy is provided autonomously interprets the policy and autonomously controls resources and the like depending on situations.
In such an autonomous system, whether the policy operates properly in the system, that is, integrity between the policy and the system is required to be validated. For example, Japanese Laid-open Patent Publication No. 2005-196601 discloses a technology in which a test scenario prepared by a system administrator is applied to an autonomous system and whether the policy properly operates in the autonomous system is validated by utilizing a simulation result of the autonomous system operated according to the test scenario.
If no integrity is detected between the policy and the system, a system administrator devises a method for modifying the policy to prevent a system failure by modifying the policy.
In the conventional technology described above, however, integrity between the policy and the system may not always be validated and to modify such a policy requires substantial time and effort.
In other words, in the conventional technology, if the autonomous system does not operate according to the test scenario in the first place, integrity between the policy and the system cannot be validated although integrity of the policy can be validated if the autonomous system operates according to a test scenario and a simulation result can be thus obtained.
Further, in validation utilizing the simulation result, no integrity between the policy and the system that is very unlikely to manifest may be missed out.
Furthermore, substantial time and effort are required because the system administrator is obliged to modify the policy through trail and error each time no integrity is detected between the policy and the system.